RELAYTO Penetration Test Results (52/101)

Pass Pulse Connect Secure Arbitrary File Read Vulnerability (CVE-2019-11510) CVE-2019-11510 16 Aug 2019 10 (v3) Critical Pass Apple AirPlay Web Detection 14 Aug 2019 None Pass Jenkins Enterprise and Operations Center < 2.249.31.0.4 / 2.277.4.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-11)CVE-2021-21648 CVE-2021-21649 CVE-2021-21650 CVE-2021-21651 CVE-2021-21652 CVE-2021-21653 CVE-2021-21654 CVE-2021-21655 CVE-2021-2165608 Nov 2021 7.1 (v3) High Pass QNAP QTS / QuTS hero Multiple Vulnerabilities in Samba (QSA-22-03) CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 05 Apr 2022 8.8 (v3) High Pass QNAP QTS / QuTS Hero DEADBOLT Ransomware (QSA-22-02) 05 Apr 2022 9.8 (v3) Critical Pass QNAP QTS / QuTS hero Insuﬃcient HTTP Security Headers (QSA-21-03) CVE-2018-19957 07 Apr 2022 6.1 (v3) Medium Pass QNAP QTS / QuTS hero Command Injection (QSA-21-05) CVE-2020-2509 19 Apr 2022 9.8 (v3) Critical Pass Oracle MySQL Enterprise Monitor (Apr 2022 CPU) CVE-2021-41184 CVE-2021-42340 CVE-2021-44832 CVE-2022-0778 CVE-2022-22965 CVE-2022-23181 CVE-2022-23305 20 Apr 2022 9.8 (v3) Critical Pass Cisco IOS XE Software IOx Application Hosting Environment (cisco-sa-iox-yuXQ6hFj) CVE-2022-20677 CVE-2022-20718 CVE-2022-20719 CVE-2022-20720 CVE-2022-20721 CVE-2022-20722 CVE-2022-20723 CVE-2022-20724 CVE-2022-20725 CVE-2022-2072722 Apr 2022 7.5 (v3) High Pass OpenSSL 1.1.1 < 1.1.1o Vulnerability CVE-2022-1292 03 May 2022 9.8 (v3) Critical Pass GitLab 1.0.2 < 14.8.6 Multiple Vulnerabilities CVE-2022-1413 CVE-2022-1416 CVE-2022-1423 06 May 2022 8.8 (v3) High Pass ManageEngine Access Manager Plus REST API Restriction Bypass (CVE-2022-29081) CVE-2022-29081 09 May 2022 9.8 (v3) Critical Pass Apache Tomcat 10.0.0.M1 < 10.0.0.M5 vulnerability CVE-2020-9484 22 Jun 2021 7 (v3) High Pass Apache Struts Unsupported Version Detection 13 Sep 2018 10 (v3) Critical Pass Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge DoS (cisco-sa-n9kaci-queue-wedge-cLDDEfKF)CVE-2021-1523 21 Feb 2022 8.6 (v3) High Pass ManageEngine ADManager Plus < Build 7115 RCE CVE-2021-42002 25 Feb 2022 9.8 (v3) Critical Pass Cisco NX-OS Software NX-API Command Injection (cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2) CVE-2022-20650 03 Mar 2022 8.8 (v3) High Pass Cisco NX-OS Software Cisco Fabric Services Over IP DoS (cisco-sa-cfsoip-dos-tpykyDr) CVE-2022-20624 03 Mar 2022 7.5 (v3) High Pass Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock) CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 21 Oct 2014 10 (v2) Critical Pass Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075) (remote check) CVE-2017-5689 03 May 2017 9.8 (v3) Critical Pass Pgbouncer Service Detection 17 Aug 2016 None Pass VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock) CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 30 Dec 2015 10 (v2) Critical Pass Visual Mining NetCharts Server Web UI Detection 02 Dec 2014 None Pass GNU Bash Local Environment Variable Handling Command Injection via Telnet (CVE-2014-7169) (Shellshock)CVE-2014-7169 25 Sep 2014 10 (v2) Critical Pass Gurock TestRail Detection 21 Aug 2014 None Pass EMC Documentum D2 Detection (credentialed) 21 Aug 2014 None Pass VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock) CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 04 Nov 2014 10 (v2) Critical Pass Cisco Wireless LAN Controller Multiple Vulnerabilities CVE-2018-0417 CVE-2018-0441 CVE-2018-0442 CVE-2018-0443 26 Oct 2018 7.5 (v3) High Pass Apache Solr Conﬁg API Velocity Template RCE (Direct Check) CVE-2019-17558 06 Dec 2019 7.5 (v3) High Pass Cisco Small Business RV Series Routers Multiple Vulnerabilities (cisco-sa-sb-rv-bypass-inject-Rbhgvfdx) CVE-2021-1472 CVE-2021-1473 15 Apr 2021 9.8 (v3) Critical Pass VMware vCenter Server RCE (direct check) CVE-2021-21972 25 Feb 2021 9.8 (v3) Critical Pass Trend Micro ServerProtect Static Credential (CVE-2022-25329) CVE-2022-25329 07 Mar 2022 9.8 (v3) Critical Pass Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.6 / 2.303.x < 2.303.30.0.5 / 2.319.3.3 Multiple DoS (CloudBees Security Advisory 2022-02-09)CVE-2021-43859 CVE-2022-0538 07 Mar 2022 7.5 (v3) High Pass IBM WebSphere Application Server 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.20 / 9.0.x < 9.0.5.8 Multiple VulnerabilitiesCVE-2011-1498 CVE-2012-6153 CVE-2014-3577 CVE-2015-5262 20 May 2021 8.1 (v3) High Pass Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST) CVE-2011-3389 07 Feb 2014 4.3 (v2) Medium Pass Citrix SD-WAN Center Test Build Network DoS (CTX297155) CVE-2020-8299 18 Jun 2021 6.5 (v3) Medium Pass Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX297155) CVE-2020-8299 CVE-2020-8300 18 Jun 2021 6.5 (v3) Medium Pass PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities CVE-2013-7226 CVE-2013-7327 CVE-2013-7328 CVE-2014-2020 14 Feb 2014 6.8 (v2) Medium Pass Symantec Encryption Management Server < 3.3.2 Information Disclosure CVE-2014-1643 14 Feb 2014 4 (v2) Medium Pass JForum jforum.page start Parameter XSS CVE-2012-5337 14 Feb 2014 4.3 (v2) Medium Pass MediaWiki thumb.php 'w' Parameter Remote Shell Command Injection CVE-2014-1610 21 Feb 2014 8.8 (v3) High Pass Serv-U FTP Server < 15.0.1.20 DoS 24 Feb 2014 5 (v2) Medium Pass PostgreSQL 8.4 < 8.4.20 / 9.0 < 9.0.16 / 9.1 < 9.1.12 / 9.2 < 9.2.7 / 9.3 < 9.3.3 Multiple Vulnerabilities CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-2669 24 Feb 2014 9.8 (v3) Critical Pass Cisco IOS HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client) CVE-2019-12665 10 Oct 2019 7.4 (v3) High Pass Cisco IOS XR Software for Cisco 8000 and NCS 540 Routers Image Veriﬁcation Vulnerabilities (cisco-sa-ioxrCVE-2021-1136 CVE-2021-1244-l-zNhcGCBt) 11 Mar 2021 6.7 (v3) Medium Pass MailEnable IMAP Server SEARCH Command Remote DoS CVE-2004-2194 17 Oct 2004 5 (v2) Medium Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.11 / 10.0.x < 10.0.7 / 10.1.x < 10.1.2 VCVE-2021-3054ulnerability 08 Sep 2021 6.6 (v3) Medium Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.10 / 10.0.x < 10.0.6 Vulnerability CVE-2021-3055 08 Sep 2021 6.5 (v3) Medium Pass Serendipity Multiple Script HTTP Response Splitting CVE-2004-1620 21 Oct 2004 4.3 (v2) Medium Pass Juniper Junos OS DoS (JSA11185) CVE-2021-0281 14 Sep 2021 7.5 (v3) High Pass Cisco Small Business RV Series Routers Link Layer Discovery Protocol Multiple Vulnerabilities (cisco-sa-rv-multi-lldp-u7e4chCe)CVE-2021-1251 CVE-2021-1308 CVE-2021-1309 14 Sep 2021 8.8 (v3) High Pass SquirrelMail < 1.2.11 Multiple Script XSS CVE-2004-0639 06 Aug 2004 4.3 (v2) Medium Pass IBM WebSphere Application Server Information Disclosure (6489485) CVE-2021-29842 23 Sep 2021 5.3 (v3) Medium Pass Moodle 'post.php' 'reply' Parameter XSS CVE-2004-1711 11 Aug 2004 4.3 (v2) Medium Pass Juniper Junos OS Vulnerability (JSA11226) CVE-2021-0283 CVE-2021-31364 13 Oct 2021 7.5 (v3) High Pass Juniper Junos OS DoS (JSA11285) CVE-2022-22179 18 Jan 2022 6.5 (v3) Medium Pass phpMyFAQ index.php action Parameter Local File Inclusion CVE-2004-2255 11 Aug 2004 5 (v2) Medium Pass WowBB <= 1.61 Multiple Vulnerabilities CVE-2004-2180 CVE-2004-2181 25 Oct 2004 7.5 (v2) High Pass PostNuke Trojaned Distribution 26 Oct 2004 7.5 (v2) High Pass Unpassworded 'bash' Backdoor Account CVE-1999-0502 30 Oct 2004 9.8 (v3) Critical Pass Web Server SSL Port HTTP Traﬃc Detection 01 Nov 2004 None Pass YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution 13 Aug 2004 7.5 (v2) High Pass Juniper Junos OS Vulnerability (JSA11196) CVE-2021-0294 19 Nov 2021 5.3 (v3) Medium Pass Adobe Experience Manager 6.5.0.0 < 6.5.11.0 Multiple Vulnerabilities (APSB21-103) CVE-2021-40711 CVE-2021-40712 CVE-2021-40722 CVE-2021-42725 CVE-2021-43761 CVE-2021-43762 CVE-2021-43764 CVE-2021-43765 CVE-2021-44176 CVE-2021-44177 CVE-2021-4417814 Dec 2021 9.8 (v3) Critical Pass Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple VulnerabilitiesCVE-2013-5573 CVE-2013-7285 CVE-2013-7330 CVE-2014-2058 CVE-2014-2060 CVE-2014-2061 CVE-2014-2062 CVE-2014-2063 CVE-2014-2064 CVE-2014-2065 CVE-2014-2066 CVE-2014-206825 Feb 2014 7.5 (v2) High Pass Jenkins < 1.545 Subversion Plugin Information Disclosure CVE-2013-6372 28 Feb 2014 2.1 (v2) Low Pass Grails resources plug-in WEB-INF / META-INF File Disclosure CVE-2014-0053 CVE-2014-2857 CVE-2014-2858 01 Mar 2014 5 (v2) Medium Pass Oracle WebCenter Sites Default Credentials Check 03 Mar 2014 7.5 (v2) High Pass IBM Domino < 8.5.3 FP 6 IF 1 / 9.0.1 IF 2 DoS CVE-2014-0822 04 Mar 2014 7.8 (v2) High Pass IBM Rational Focal Point Default Credentials 06 Mar 2014 7.5 (v2) High Pass Horde Application Framework Help Window Multiple Parameter XSS CVE-2004-2741 02 Nov 2004 4.3 (v2) Medium Pass Juniper Junos OS Vulnerability (JSA11262) CVE-2022-22154 12 Jan 2022 6.8 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11272) CVE-2022-22164 12 Jan 2022 5.3 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11283) CVE-2022-22177 12 Jan 2022 7.5 (v3) High Pass Juniper Junos OS Multiple Vulnerabilities (JSA11265) CVE-2022-22157 CVE-2022-22167 12 Jan 2022 9.8 (v3) Critical Pass Juniper Junos OS Vulnerability (JSA11269) CVE-2022-22161 12 Jan 2022 7.5 (v3) High Pass Juniper Junos OS Vulnerability (JSA11261) CVE-2022-22153 12 Jan 2022 7.5 (v3) High Pass Moodle < 1.4.3 Multiple Vulnerabilities CVE-2004-1424 CVE-2004-1425 CVE-2004-2232 06 Nov 2004 7.5 (v2) High Pass PHP 5.4.x < 5.4.26 Multiple Vulnerabilities CVE-2014-1943 CVE-2014-2270 07 Mar 2014 5 (v2) Medium Pass PHP 5.5.x < 5.5.10 Multiple Vulnerabilities CVE-2014-1943 CVE-2014-2270 07 Mar 2014 5 (v2) Medium Pass HP System Management Homepage < 7.3 Multiple Vulnerabilities CVE-2013-4846 CVE-2013-6188 12 Mar 2014 6.8 (v2) Medium Pass phpGroupWare index.php Addressbook XSS CVE-2003-0504 17 Aug 2004 4.3 (v2) Medium Pass Apache 2.4.x < 2.4.8 Multiple Vulnerabilities CVE-2013-6438 CVE-2014-0098 18 Mar 2014 5.3 (v3) Medium Pass Oracle Reports Servlet Parsequery Function Remote Database Credentials Exposure CVE-2012-3153 20 Mar 2014 6.4 (v2) Medium Pass Oracle BI Publisher Default Credentials Check 20 Mar 2014 7.5 (v2) High Pass IceWarp Web Mail Multiple Flaws (2) 06 Nov 2004 4.3 (v2) Medium Pass Oracle Business Intelligence Publisher (October 2012 CPU) CVE-2012-3193 CVE-2012-3194 20 Mar 2014 4.3 (v2) Medium Pass DNN (DotNetNuke) < 7.2.2 Unspeciﬁed XSS 24 Mar 2014 3.5 (v2) Low Pass phpGroupWare Admin/Setup Password Plaintext Cookie Storage CVE-2004-2578 17 Aug 2004 5 (v2) Medium Pass Apache Struts 2 'class' Parameter ClassLoader Manipulation CVE-2014-0094 26 Mar 2014 5.3 (v3) Medium Pass PHP PHP_RSHUTDOWN_FUNCTION Security Bypass CVE-2012-1171 01 Apr 2014 5 (v2) Medium Pass Default Password (ironport) for 'enablediag' Account CVE-1999-0502 02 Apr 2014 9.8 (v3) Critical Pass Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness 02 Apr 2014 5 (v2) Medium Pass PHP 5.4.x < 5.4.27 awk Magic Parsing BEGIN DoS CVE-2013-7345 04 Apr 2014 5 (v2) Medium Pass Default Password (rain) for 'root' Account CVE-1999-0502 07 Apr 2014 9.8 (v3) Critical Pass HP LeftHand OS Unmanaged Host Detection 10 Apr 2014 10 (v2) Critical Pass RuggedCom RuggedOS HTTP Traﬃc Handling Remote DoS CVE-2014-2590 15 Apr 2014 5 (v2) Medium Pass phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution CVE-2004-0016 17 Aug 2004 7.5 (v2) High Pass nginx < 1.4.7 / 1.5.12 SPDY Heap Buﬀer Overﬂow CVE-2014-0133 15 Apr 2014 5.6 (v3) Medium Pass Liferay Portal 6.2.0 CE GA1 Multiple XSS 15 Apr 2014 4.3 (v2) Medium Pass phpGroupWare Multiple Module SQL Injection CVE-2004-0017 17 Aug 2004 7.5 (v2) High Pass CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities CVE-2014-2859 CVE-2014-2860 CVE-2014-2861 CVE-2014-2862 CVE-2014-2863 CVE-2014-2864 CVE-2014-2865 CVE-2014-2866 CVE-2014-2867 CVE-2014-2868 CVE-2014-2869 CVE-2014-2870 CVE-2014-2871 CVE-2014-2872 CVE-2014-2873 CVE-2014-287418 Apr 2014 10 (v2) Critical Pass Atmail Webmail 3.x < 3.6.4 (3.64) Multiple Vulnerabilities 18 Apr 2014 6.8 (v2) Medium Pass Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery CVE-2006-6701 18 Apr 2014 7.5 (v2) High Pass Atmail Webmail < 5.4.2 (5.42) Multiple Information Disclosure Vulnerabilities CVE-2008-3395 CVE-2008-3579 18 Apr 2014 7.8 (v2) High Pass Atmail Webmail < 6.3.5 Multiple XSS Vulnerabilities 18 Apr 2014 4.3 (v2) Medium Pass Atmail Webmail < 6.6.2 Exim Buﬀer Overﬂow CVE-2012-5671 18 Apr 2014 6.8 (v2) Medium Pass Atmail Webmail 6.6.x < 6.6.3 / 7.x < 7.0.3 File Name Parameter XSS CVE-2013-2585 18 Apr 2014 4.3 (v2) Medium Pass Default Password (nas4free) for 'root' Account CVE-1999-0502 14 Apr 2014 9.8 (v3) Critical Pass Trend Micro Scanmail for Domino nsf File Information Disclosure CVE-2004-1003 19 Aug 2004 6.4 (v2) Medium Pass ZixForum ZixForum.mdb DIrect Request Database Disclosure CVE-2007-0543 22 Aug 2004 5 (v2) Medium Pass Oracle OpenSSO Multiple Vulnerabilities (April 2014 CPU) CVE-2014-0465 CVE-2014-2425 CVE-2014-2426 28 Apr 2014 4.9 (v2) Medium 52

RELAYTO Penetration Test Results - Page 52

RELAYTO Penetration Test Results Page 51 Page 53